From 579df8ef1240248f1f6254e27e9dd13a980e2a0e Mon Sep 17 00:00:00 2001
From: Arthur Lutz <arthur.lutz@logilab.fr>
Date: Wed, 24 Jun 2015 15:53:07 +0200
Subject: [PATCH] Add kerberos authentification support in libpepper.py,
 requires requests_kerberos (related to #34)

---
 pepper/cli.py       |  3 +++
 pepper/libpepper.py | 42 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)

diff --git a/pepper/cli.py b/pepper/cli.py
index a048be8..2d4bb05 100644
--- a/pepper/cli.py
+++ b/pepper/cli.py
@@ -185,6 +185,9 @@ def get_login_details(self):
         if self.options.saltapiurl:
             results['SALTAPI_URL'] = self.options.saltapiurl
 
+        if results['SALTAPI_EAUTH'] == 'kerberos':
+            results['SALTAPI_PASS'] = None
+
         if self.options.eauth:
             results['SALTAPI_EAUTH'] = self.options.eauth
             if self.options.username is None:
diff --git a/pepper/libpepper.py b/pepper/libpepper.py
index dbab2e5..c4d3bfe 100644
--- a/pepper/libpepper.py
+++ b/pepper/libpepper.py
@@ -76,6 +76,9 @@ def req(self, path, data=None):
         :rtype: dictionary
 
         '''
+        if (hasattr(data, 'get') and data.get('eauth') == 'kerberos') or self.auth.get('eauth') == 'kerberos':
+            return self.req_requests(path, data)
+
         headers = {
             'Accept': 'application/json',
             'Content-Type': 'application/json',
@@ -129,6 +132,45 @@ def req(self, path, data=None):
 
         return ret
 
+    def req_requests(self, path, data=None):
+        '''
+        A thin wrapper around request and request_kerberos to send
+        requests and return the response
+
+        If the current instance contains an authentication token it will be
+        attached to the request as a custom header.
+
+        :rtype: dictionary
+
+        '''
+        import requests
+        from requests_kerberos import HTTPKerberosAuth, OPTIONAL
+        auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL)
+        headers = {
+            'Accept': 'application/json',
+            'Content-Type': 'application/json',
+            'X-Requested-With': 'XMLHttpRequest',
+        }
+        if self.auth and 'token' in self.auth and self.auth['token']:
+            headers.setdefault('X-Auth-Token', self.auth['token'])
+        # TODO make an option
+        self._ssl_verify = False
+        params = {'url': self.api_url + path,
+                  'headers': headers,
+                  'verify': self._ssl_verify,
+                  'auth': auth,
+                  'data': json.dumps(data),
+                  }
+        logger.debug('postdata {0}'.format(params))
+        resp = requests.post(**params)
+        if resp.status_code == 401:
+            # TODO should be resp.raise_from_status
+            raise PepperException('Authentication denied')
+        if resp.status_code == 500:
+            # TODO should be resp.raise_from_status
+            raise PepperException('Server error.')
+        return resp.json()
+
     def low(self, lowstate, path='/'):
         '''
         Execute a command through salt-api and return the response